SECURE MACHINE ENROLLMENT IN MULTI-TENANT SUBSCRIPTION ENVIRONMENT
Abstract
In a multi-tenant environment, machines across the Internet that belong to a particular subscription are securely enrolled with the tenant's subscription. Authentication of the machines is delegated to each tenant's own on-premise authentication mechanism. The trust relationship with the tenant's authentication service is used to validate the security token presented by the machine being authenticated. Once authenticated, the machine holds an authorization (e.g. an SSL machine certificate for identity, a security token, etc.) to access the subscription. Each tenant within the multi-tenant environment can provide its own level of authentication. The machine presents the security token to the multi-tenant environment with requests for resources (e.g. services/content) on behalf of a user. When a request is received from a machine to access a resource, the multi-tenant environment determines from the issued token whether or not the machine is authorized to access the requested resource.
20 Claims

1. A method for securely enrolling a machine in a multi-tenant environment, comprising:
receiving a request from a machine to access a resource of a tenant in a multi-tenant environment that includes a token;
retrieving a trust relationship established with the tenant;
determining when the token is valid;
determining when the machine is authorized by the tenant to access the resource of the tenant using the token and the trust relationship; and
authorizing access to the resource when the machine is determined to be authenticated by the tenant.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A computer-readable medium having computer-executable instructions for securely enrolling a machine in a multi-tenant environment, comprising:
receiving a request at a multi-tenant cloud based service from a machine to access a resource of a tenant in a multi-tenant environment;
determining when the machine is authorized by the tenant to access the resource of the tenant by determining when a token is issued to the machine from the tenant that authorizes the machine to access the resource and verifying a root certificate issued by a certification authority associated with the tenant; and
authorizing access to the resource when the machine is determined to be authenticated by the tenant.
Dependent claims: 11, 12, 13, 14, 15, 16.

17. A system for securely enrolling a machine in a multi-tenant environment, comprising:
a network connection that is coupled to tenants of the multi-tenant environment;
a processor and a computer-readable medium;
an operating environment stored on the computer-readable medium and executing on the processor; and
an authentication manager operating under the control of the operating environment and operative to:
receive a request from a machine external to the multi-tenant environment to access a resource of a tenant;
determine when the machine is authorized by the tenant to access the resource of the tenant by determining when a token is issued to the machine from the tenant that authorizes the machine to access the resource; and
authorize access to the resource when the machine is determined to be authenticated by the tenant.
Dependent claims: 18, 19, 20.
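The abstract and claim 1 describe the same check from the service side: look up the trust relationship for the tenant named in the request, use it to validate the token the machine presents, and only then decide whether that token authorizes the requested resource. The following Python is an added illustration written for this page, not code from the patent or its assignee. The patent fixes neither a token format nor the form of the trust relationship (claim 10 mentions a tenant root certificate), so this example assumes a simpler form: each tenant's on-premise authentication service holds an HMAC signing key that was shared with the multi-tenant service when the trust was set up, and tokens are signed JSON claims. Tenant names, keys, resource names and the `issue_token`/`authorize` functions are all constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed trust relationships, one per tenant. In the patent's terms this is
# the trust established between the multi-tenant service and each tenant's own
# authentication service. Assumption: the relationship is an HMAC key plus the
# set of resources the tenant exposes through the service.
TENANT_TRUST = {
    "contoso": {
        "key": b"contoso-issuer-key-constructed",
        "resources": {"update-service", "content-feed"},
    },
    "fabrikam": {
        "key": b"fabrikam-issuer-key-constructed",
        "resources": {"content-feed"},
    },
}


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(tenant, machine_id, resources, ttl_seconds, now=None):
    """Tenant side: the tenant's own authentication service has already
    authenticated the machine (by whatever mechanism that tenant chooses)
    and issues a token scoped to the resources the machine may use."""
    key = TENANT_TRUST[tenant]["key"]
    now = time.time() if now is None else now
    claims = {
        "tenant": tenant,
        "machine": machine_id,
        "resources": sorted(resources),
        "exp": int(now + ttl_seconds),
    }
    body = _b64e(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64e(sig)


def authorize(request, now=None):
    """Service side: the steps of claim 1 in order. Returns (allowed, reason)
    so that a refusal can be logged with the step that failed."""
    tenant = request.get("tenant")
    resource = request.get("resource")
    token = request.get("token")

    # Step: retrieve the trust relationship established with the tenant.
    trust = TENANT_TRUST.get(tenant)
    if trust is None:
        return False, "no trust relationship with tenant"

    # Step: determine whether the token is valid. The signature is checked
    # with the tenant's key before any claim inside the token is trusted.
    try:
        body, sig = token.split(".")
        expected = hmac.new(trust["key"], body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):
            return False, "bad signature"
        claims = json.loads(_b64d(body))
    except (AttributeError, ValueError, binascii.Error):
        return False, "malformed token"
    if claims.get("tenant") != tenant:
        return False, "token issued by a different tenant"
    now = time.time() if now is None else now
    if now >= claims.get("exp", 0):
        return False, "token expired"

    # Step: determine whether the tenant authorized this machine for this
    # resource, using both the token and the trust relationship.
    if resource not in trust["resources"]:
        return False, "resource not offered by tenant"
    if resource not in claims.get("resources", []):
        return False, "machine not authorized for resource"
    return True, "authorized"


if __name__ == "__main__":
    tok = issue_token("contoso", "machine-42", ["update-service"], 3600)
    print(authorize({"tenant": "contoso", "resource": "update-service", "token": tok}))
    print(authorize({"tenant": "contoso", "resource": "content-feed", "token": tok}))
    print(authorize({"tenant": "fabrikam", "resource": "content-feed", "token": tok}))
```

The order of checks matters: the signature is verified against the key retrieved from the tenant's trust relationship before any field inside the token is read, so a token issued under one tenant's trust (the `fabrikam` case above) is rejected at the signature step rather than being parsed and compared. A real deployment would replace the shared HMAC key with the tenant root certificate that claim 10 describes, but the sequence of lookup, validation and then authorization is the same.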
Specification